Common Cyber Insurance Objections

Selling a cyber policy may be challenging, but with an estimated two-thirds of businesses without cyber insurance, the potential is tremendous. Below are common cyber insurance objections you may hear from clients.

Objection

Response

“I am not a target for hackers.”

Many data breaches occur because of human error; a computer is stolen,
left in a cab, or a user does not utilize proper security protocols.

A study by National Cyber Security Alliance found that one in
five small businesses fall victim to cyber crime each year and roughly
60 percent of those businesses go out of business within six months.

A study by PwC US
found that security incidents have increased 66 percent year over year since
2009 with an average of 117,339 cyberattacks and security incidents
occurring per day.

A study by Trustwave found that 98 percent of all computer applications are at risk of being hacked.

“We do not sell goods or services online so we are not a cyber risk.”

If you capture and/or store customer and vendor data, you have cyber risk. Cyber policies are designed to address the risk of utilizing technology, computers and internet connectivity while conducting daily business including capturing, storing and using data every day.

“We use vendors for all our IT services.”

Based on data regulations, the company that collects data and records from clients is held responsible if a data breach occurs. Legal liability cannot be transferred by contract, therefore, if a point of sale device (i.e. cash register) is comprised, the obligation to notify impacted parties will fall on the business owner, not the vendor who processes or stores payment information.

Indemnification agreements typically limit recourse to the value of the contract. An average data breach involving personal financial records could cost a firm hundreds of thousands of dollars, well in excess of the value of most vendor contracts.

“We have top notch security in place.”

There is no such thing as “perfect security.” Agencies including the Central Intelligence Agency, White House and National Security Agency have been compromised by inside and outside parties, proving that no security solution is impenetrable. Cyber insurance augments even top notch security solutions.

“Our general liability policy will cover the loss.”

General liability (GL) policies lack the flexibility to address new and emerging cyber perils. Several significant court decisions have ruled that a GL policy does not cover data privacy breach losses and the Insurance Services Organization released a data loss liability exclusion for GL policies in 2014.